Aptos, the well-known blockchain, has launched a new crypto wallet called “Aptos Connect”, which ensures security without private keys.
This is a web application that leverages zk-proof technology, eliminating the need for hardware security modules, keys, or a multiparty computation network.
Users can therefore connect to the wallet with traditional web2 onboarding tools such as Google ID.
Let’s see everything in detail below.
Aptos Connect: the new crypto wallet with access without private keys, a new level of security
On July 3rd, Aptos Labs announced a major development that could revolutionize the way we conceive access to cryptographic tools.
Let’s talk about Aptos Connect, a new crypto wallet that does not require private keys but uses ZK proofs to verify users.
The peculiarity of this wallet is that it eliminates the presence of hardware security modules, network keys, or a multiparty computation network.
In their place, Aptos introduces connection via Google ID, greatly simplifying the onboarding process for potential new users.
With a simple click, it is now possible to interact with the crypto world without feeling the burden of self-custody of private keys anymore.
According to the announcement, Aptos achieves this by using:
“the OpenID Connect (OIDC) standard and zero-knowledge proofs to link social logins to blockchain accounts.”
As shown in the following image, users can create their own wallet and connect to the application by pressing the “Continue with Google” button.
Aptos has revealed that Apple ID integration with the wallet will also arrive soon, providing a valid alternative to Google.
It is not the first time that a crypto company has introduced web2 onboarding tools such as Google ID or Apple ID.
In the past, other wallet providers, such as Magic Labs, Magic Links, Web3 Auth and Smart Wallet by Coinbase, have used a similar approach.
Simplifying access to the web3 world and making the user experience enjoyable will make it possible to attract true mainstream adoption in crypto.
In order to reach the masses, in fact, a technological product must be convenient to use, not relying on the user’s own memory or storage capabilities.
The zk-proof as an access tool without losing security and privacy
As reported by the developers of Aptos, the creation of the new wallet app was made possible by the Aptos Improvement Protocol 61 (AIP-61), introduced on April 1, 2024.
This update allows transactions to be authorized through the JSON Web Tokens (JWT) used by Google, Facebook, Apple, and other access providers.
In this context, zk-proofs, or the so-called zero-knowledge cryptographic proofs, play a fundamental role.
This type of technology, massively present on Ethereum layer-2 such as ZKsync, Starknet, Linea, and Scroll, helps to ensure privacy and security.
The zk-proofs in fact mask the digital identity of the user and the access provider, preventing the unwanted proliferation of data. Additionally, they ensure that the Google ID associated with an Aptos crypto wallet is not revealed in transactions on the blockchain.
Aptos believes that this access service can truly help the growth of the crypto landscape, bringing on board a new generation.
This is what was reported in the announcement presenting Aptos Connect:
“Leveraging familiar web2 access flows, Aptos Connect makes it easier than ever for builders to onboard a new generation of users into the world of blockchain with a single click, no private key.”
From a technical point of view, zk-proofs, as applied to blockchains, work in this way: they group transactions off the main chain and send them, compressed, as a batch in a single transaction.
To ensure that the transactions are correct, the network uses a “proof of validity” that irrevocably demonstrates the legitimacy of the operations.
Once confirmed, the transactions are sent to the main layer, which verifies them and adds them to the block. All this without losing the privacy factor.
On Aptos Connect the mechanism is a bit more complex but it is always based on the same principles.
The keyless mechanics of Aptos involve using a hash of a user’s e-mail ID and app ID for the blockchain address. Google, or another OIDC provider, signs over this and any arbitrary data, such as a transaction.
The validators can verify, using zero knowledge, that the transaction signature matches the e-mail and the app ID in the blockchain address, maintaining security and privacy.
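The relation described above, as a simplified sketch added here for illustration (not Aptos code and not the AIP-61 format): the address is a hash of the e-mail ID and app ID, the provider signs a token over those claims, and the validator checks that signature, claims, address and transaction all agree. Assumptions: SHA-256 stands in for the hash, HS256 with a constructed secret stands in for the provider's signature, the transaction is bound through the token's `nonce` claim, all function names are hypothetical, and the validator reads the token in clear where the keyless design uses a zero-knowledge proof of the same relation.

```python
import base64, hashlib, hmac, json

PROVIDER_KEY = b"constructed-demo-secret"  # constructed stand-in for the provider's signing key

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def derive_address(email: str, app_id: str) -> str:
    """Address = hash(e-mail ID, app ID); length prefixes keep the two fields unambiguous."""
    h = hashlib.sha256()
    for part in (email.encode(), app_id.encode()):
        h.update(len(part).to_bytes(4, "big") + part)
    return "0x" + h.hexdigest()

def tx_nonce(tx: bytes) -> str:
    """Assumption: the data to authorise is bound to the token through its nonce claim."""
    return hashlib.sha256(tx).hexdigest()

def sign(signing_input: str) -> bytes:
    return hmac.new(PROVIDER_KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_token(email: str, app_id: str, tx: bytes) -> str:
    """Provider side: sign the identity claims together with the nonce."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": "https://idp.example", "email": email, "aud": app_id, "nonce": tx_nonce(tx)}
    body = b64u(json.dumps(claims).encode())
    return f"{header}.{body}.{b64u(sign(f'{header}.{body}'))}"

def validator_accepts(address: str, tx: bytes, token: str) -> bool:
    """Checks the relation in clear: valid provider signature, nonce matches the
    transaction, and hash(email, aud) equals the sending address."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sign(f"{header}.{body}"), b64u_decode(sig)):
            return False
        claims = json.loads(b64u_decode(body))
        return (claims.get("nonce") == tx_nonce(tx)
                and derive_address(claims.get("email"), claims.get("aud")) == address)
    except (ValueError, TypeError, AttributeError):
        return False  # malformed token or claims of the wrong type
```

The same e-mail under a different app ID hashes to a different address, so a token issued for one application does not authorise transactions from an address derived for another.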
Integration of the Aptos wallet with web2 services: pros and cons
Although web2 access tools may seem extremely convenient, they also present some significant disadvantages.
In fact, the crypto wallet Aptos Connect relies entirely on the security of the user’s Google account to ensure the integrity of the funds.
If the Google account is hacked, the user risks losing the funds contained in the keyless wallets. In this way, the concept of self-custody diminishes somewhat, moving increasingly towards a more centralized conception, at least for the connection tools.
Clearly, one cannot have the utmost security while forgoing private keys and relying solely on ID connections.
Comfort and simplicity take precedence over the security factor, which in the end is still treated seriously by Google and other access providers.
Aptos believes that this is a risk that is overall acceptable for new users who wish to enter the crypto world.
We must always remember that “all the software on the Internet” currently relies on Web2 access providers.
In this specific context, however, securing the devices takes on a more important meaning because there is an economic value to protect.
It will be increasingly important, therefore, to find hybrid solutions that can guarantee the impenetrability of wallets from external actors, while maintaining a smart approach.
Once the crypto world has reached a balanced compromise between the security of self-custody and the simplicity of access and operation, we could aim for mass adoption.
Until then, we can only experiment with as many wallet solutions as possible, paying attention to the way they are conceived by the end user.